Dynatrace is "aware" of the privacy class action filed against the company Wednesday in U.S. District Court for Massachusetts in Boston (see 2307270025), "and believes it is without merit,” emailed a spokesperson Friday. Dynatrace “at this time" intends to "vigorously defend itself against these allegations,” said the spokesperson. Plaintiffs Alyssa Gary and Marla Defoort allege in their class action that Dynatrace's session replay spyware “wiretaps” the electronic communications of “thousands” of website visitors, secretly observing and recording their “keystrokes, mouse clicks, data entry, and other electronic communications, in real time.” The plaintiffs allege Dynatrace software intercepted their interactions with the Ulta Beauty website in December without their consent.
Plaintiff Jeffrey Hoge’s opposition brief to Southern Theatres’ motion to dismiss a Video Privacy Protection Act (VPPA) lawsuit offered no convincing answers to the chain’s three reasons for dismissal for failure to state a claim, the defendant said Wednesday in a reply brief (docket 1:23-cv-00346) in U.S. District Court for North Carolina Middle District. Hoge alleges Southern Theatres shared his private video viewing information without consent, and “partnered with Facebook” to collect personally identifiable information (PII) each time Hoge viewed a video or bought a ticket on Southern’s websites. In its June motion to dismiss (see 2306230052), the theater chain said the VPPA applies to “video tape service providers,” not movie theaters, while Hoge argued Congress’ definition of video tape service providers should be expanded based on the development of new technologies such as streaming. “This is beside the point -- movies are shown in theaters today in much the same way as they were in 1988, when Congress omitted them from the statute,” said the defendant’s reply brief. Southern argued the information it allegedly disclosed doesn’t constitute PII as defined in the VPPA. “A Facebook ID is a digital code that, on its own, does not identify a specific individual to an ordinary recipient,” said the brief, saying Hoge relies “only on non-binding district court opinions that are contradicted by more persuasive authority from multiple appellate courts.” Also, Hoge “fails to plausibly allege” that if the theater chain did disclose any PII, it knowingly did so. The complaint offers “only a threadbare recital of this element, and this superficial allegation does not withstand scrutiny,” said the reply. Hoge conceded that information allegedly disclosed to Facebook “was not within Southern Theatres’ control, contradicting his assertion that it was knowingly disclosed,” it said. The VPPA suit should be dismissed with prejudice, it said.
Law firm Sidney Austin, counsel for Genworth Financial, filed a notice of related action Tuesday (docket 3083) in MOVEit Customer Security Breach Litigation in U.S. District Court for Eastern Virginia in Richmond. The Delilah King v. Genworth Financialclass action (docket 3:23-cv-00426), filed in Richmond in June, asserts claims of negligence, invasion of privacy, unjust enrichment and violation of the Virginia Personal Information Breach Notification and Consumer Protection acts as a result of Genworth’s May 29 data breach.
U.S. District Judge William Orrick for Northern California in San Francisco signed an order Friday (docket 3:22-cv-03580) relating Santoro v. Meta Platforms to Doe v. Meta Platforms and putting both cases under his watch. The case involves healthcare providers’ use of the Meta Pixel tracking tool on their websites for targeted advertising. In Santoro v. Tower Health and Meta Platforms, plaintiffs Patrick Santoro and Jessica Landis, both of Pennsylvania, allege Tower Health, without their consent, deployed tracking code on its website that caused their personally identifiable information to be transmitted and used “for multiple commercial purposes.”
Four more cases were filed relating to the MOVEit customer data breach litigation, said a notice Thursday (docket No. 3083) from the defendants’ counsel Paulyne Gardner of Mullen Coughlin before the U.S. Judicial Panel on Multidistrict Litigation. The additional actions involve a pending motion for transfer in the MDL. The four filed cases are Cheng v. Pension Benefit Information (docket 2:23-cv-05481), Collins v. Pension Benefit Information, (docket 0:23-cv-02045), Smith v. Pension Benefit Information (docket 0:23-cv-020550) and Harris v. Pension Benefit Information (docket 0:23-cv-02071). The negligence class actions relate to a May data breach that affected over 700,000 California Public Employees’ Retirement System members (see 2307120053). Over 25 member cases are listed on the docket as related or pending.
U.S. District Judge Karen Spencer Marston for Eastern Pennsylvania in Philadelphia granted a motion to consolidate related class actions against Onix Group for a March data breach that affected some 320,000 individuals’ personally identifiable information (see 2307130062), said her order Wednesday (docket 2:23-cv-02301). Marston directed plaintiffs in the consolidated class action to file an amended complaint in their data breach litigation no later than Sept. 15, with defendants’ response due by Nov. 17. All cases that have been designated to Meyers v. Onix Group will be consolidated with the lead case, Marston said. The court appointed as co-lead counsel Benjamin Johns of Shub & Johns and Gary Klinger of Milberg Coleman. Among plaintiffs’ claims are unfair trade practices and consumer protection law violations, negligence and unjust enrichment.
U.S. District Judge Rebecca Gray Jennings for Western Kentucky, Louisville, directed, sua sponte, plaintiff Frank Raney to show cause why his breach of contract suit against PharMerica shouldn't be consolidated with Lurry v. PharMerica Corp. (docket 3:23-cv-00297), in a Wednesday order (docket 3:23-cv-00353). The deadline for a response is Wednesday. Raney sued PharMerica this month alleging the company's March data breach led to “concrete injuries” sustained by dissemination of his personally identifiable information (see 2307120008).
Plaintiff Jane Doe’s opposition is due Aug. 14 to the separate motions of defendants Microsoft and Qualtrics to dismiss her healthcare privacy class action, said an order signed Tuesday (docket 2:23-cv-00718) by U.S. District Judge John Coughenour for Western Washington in Seattle. The defendants’ reply is due Sept. 11, said the order. Doe’s May 15 complaint alleges Microsoft and Qualtrics “repeatedly and systematically” violated patients’ healthcare privacy rights on the Kaiser Permanente website by intercepting and collecting their personal data (see 2305160051). Qualtrics “is just a vendor” that sells “tools” to customers like Kaiser, allowing those customers to collect and analyze “their own website data from their own website," but Qualtrics “does nothing with this data for itself,” said its July 10 motion to dismiss (see 2307120024). Microsoft’s July 13 motion to dismiss said Doe was on notice that Kaiser used third-party software to collect certain website information, and that there was nothing “nefarious” about the tracking technology the website used (see 2307140013).
Six new negligence cases were filed as related cases in MOVEit Customer Data Security Breach Litigation, said a Tuesday notice (docket MDL No. 3083) of related cases at the U.S. Judicial Panel on Multidistrict Litigation. Cases are Acevedo v. Illinois Dept. of Innovation and Technology (docket 3:23-cv-03225), Smith v. Progress Software (docket 1:23-cv-11580), Truesdale v. Progress Software (docket 1:23- cv-01913), Reese v. Ipswich (docket 1:23-cv-11610), Pulignani v. Progress Software (docket 1:23-cv-1912) and Ellis v. Pension Benefit Information, (docket 0:23-cv-02139). This month, Bruce Bailey, the named plaintiff in Bailey v. Progress Software and Pension Benefit Information, moved the JPML to transfer and centralize all related actions to U.S. District Court for Minnesota. The related actions allege Progress Software bears responsibility for a May 28 data breach in which data of over 15 million people was stolen as part of a security breach by Russian ransomware group CL0P.
Two HBO subscribers in California and North Carolina seeking to bring a class-action complaint against HBO for alleged Video Privacy Protection Act violations have dismissed without prejudice their claims, per a notice of voluntary dismissal filed Monday with the U.S. District Court for the Southern District of New York (docket 1:22-cv-01942). The court in January granted a defense motion to dismiss class claims and compel arbitration (see 2301300061).